Ride-Hailing App Careem Admits to Data Breach that Affected its 14 Million Users

Ride-hailing service Careem on Monday said that the data of its 14 million customers and drivers was stolen in January this year.

The Dubai-based company, in a blog posted on its website, said that the data of all customers and captains who signed up on its network before January 14 was compromised in the attack.

“Careem has identified a cyber-incident involving unauthorized access to the system we use to store data,” the company wrote in a blog post.

“On January 14 of this year, we became aware that online criminals gained access to our computer systems which hold customer and captain account data. Customers and captains who have signed up with us since that date are not affected,” it added.

The company tendered an apology to its customers for the breach.

“We apologise for what has happened but rest assured, Careem has learned from this experience and will come out of it a stronger and more resilient organisation.”

“As online criminals’ methods and tactics continue to evolve and become ever more sophisticated, it is our duty to meet these threats,” Careem acknowledged.

The Dubai-based transportation network company says the breach affected its 14 million customers and 558,000 captains

The company said that the breached data included the names, phone numbers, emails and and trip history.

“While we have seen no evidence of fraud or misuse related to this incident, it is our responsibility to be open and honest with you, and to reaffirm our commitment to protecting your privacy and data,” the company said.

It, however, said there was no evidence that the passwords and credit card information of the customers was stolen.

“Customers’ credit card information is kept on an external third-party PCP-compliant server. A PCP server uses highly secure protocols and is employed by international banks around the globe to protect financial information,” it added.

Careem said soon after detecting the breach, it launched a thorough investigation in collaboration with cybersecurity experts and law enforcement agencies.

It, however, said that the identity of hackers is still unknown.

The company issued a set of instructions for its customers and drivers to protect their personal information, urging them to update their passwords, review bank account and ask statements for any suspicious activity, remain cautious of any unsolicited communication that seek access to sensitive data, and avoid clicking links or downloading attachments from unfamiliar emails.

Careem was founded in 2012 and has operations in thirteen countries of and over 90 cities in the Middle East, South Asia and North Africa.